Data Protection

Physical Security

• All entrances/exits require badge access and are digitally recorded
• 24/7 surveillance system utilizes cameras and motion sensors
• 24/7 monitoring of alarms by professional response team
• Badge access permissions follow rule of least privilege

Personnel Security

• Comprehensive background checks for all new hires
• All employees sign NDA protecting client confidentiality
• Continual IT security awareness training

Data Transfer and Storage Security

• Encrypted client connections via VPN, Citrix and/or SFTP for all data transfers
• Data Isolation – stored independently to ensure privacy and confidentiality
• Data Classification – increasing security measures applied to more sensitive data
• Data access controls follow rule of least privilege
• DoD Standard 5220.22-M is followed for destruction of all old media

Network Security

• Enterprise level secure gateway
• Real time network health monitoring
• Regular internal and external vulnerability assessments and penetration tests
• Standardized patch management process for all network devices
• Enterprise level endpoint protection

Compliance

• Annual SSAE 16 Type II certification by third party firm
• Internal development follows a formal change control management process
• Incident response team to identify, contain and recover from events
• Risk Management – ongoing process to analyze, assess, remediate and report on risks
• Actively tested business continuity procedures to handle short or long term disruptions